--- Log opened Sat Feb 27 00:00:41 2021 00:04 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has joined #bitcoin-wizards 00:09 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has quit [Ping timeout: 264 seconds] 00:22 -!- justanotheruser [~justanoth@unaffiliated/justanotheruser] has quit [Ping timeout: 272 seconds] 01:09 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has joined #bitcoin-wizards 01:16 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has quit [Ping timeout: 264 seconds] 01:25 -!- waxwing_ is now known as waxwing 01:26 -!- waxwing [~waxwing@193.29.57.116] has quit [Changing host] 01:26 -!- waxwing [~waxwing@unaffiliated/waxwing] has joined #bitcoin-wizards 01:27 -!- jadi [~jadi@185.197.71.29] has joined #bitcoin-wizards 01:29 < waxwing> how does one get a sense of the strength of the OMDL assumption? the two references in the MuSig2 paper are good, they define the concept clearly and give interesting analysis e.g. chosen target vs known target equivalence. but they both just say 'this is a new strong assumption'. 01:29 < waxwing> i mean in some ways it all seems a bit academic: intuitively, if you're given a bunch of random targets, there is obviously not going to be a clever way to combine them such that the number of queries required is less. 01:30 < waxwing> but "obviously" ... :) 01:30 -!- jadi [~jadi@185.197.71.29] has quit [Read error: Connection reset by peer] 01:32 < sipa> does it help to know that in the generic group model it holds? 01:33 < sipa> that's not a particularly high bar, of course, ggm is pretty strong (and schemes have been broken in practice that were proven secure in ggm) 01:34 < waxwing> sipa, oh interesting, i'll happily look that up. do you have a reference offhand? 01:34 < waxwing> but yes understood re strength 01:36 < sipa> waxwing: there was a paper maybe 1.5 years ago that gave an inventory of schemea that were in one way or another proven, but still broken 01:36 < sipa> i don't remember the name 01:37 < sipa> iirc they were things of which you'd say "well duh you can't do that in ggm!", but i don't remember the details 01:38 < waxwing> oh sure, on that point.. well the only thing i always remember is reading how ecdsa was proven strongly unforgeable in GGM :) but yeah i might do a search later on that. 01:38 < sipa> right! 01:38 < sipa> it is, because there is no "extract x coordinate" in ggm, so yoh have to replace it with a hash from points to scalars 01:39 < sipa> however, i think of you actually do that, you can also prove it strongly unforgeable in just ROM/DL 01:40 < sipa> there is a better result somewhere else, where instead the x-coordinate grabbing is modelled as a reversible random mapping between points and scalars, and iirc they prove that the low-s form is also strongly unforgeable 01:42 -!- jadi [~jadi@185.197.71.29] has joined #bitcoin-wizards 01:42 < sipa> waxwing: maybe a disappointing result too... in AGM, OMDL does not follow from DL 01:42 < waxwing> sipa, pretty sure the paper i was thinking of was this:https://eprint.iacr.org/2002/026.ps 01:43 < waxwing> algebraic group model, i see. i still haven't got round to reading up on that. 01:43 < sipa> waxwing: AGM is great 01:43 < waxwing> andytoshi was telling me about it a few weeks ago. 01:44 < waxwing> sipa, re: modelled as reversible random mapping etc, are you talking about the stuff by .. Fersch et al i think? 01:44 < sipa> it's easy: any algorithm in AGM that outputs a group element, must also output how it can be written as a linear combination of any of its input group elements 01:44 < waxwing> oh 01:45 < sipa> it's far weaker than GGM, because algorithm do get access to the actual group representation 01:45 < sipa> they just are constrained to doing linear operations with them 01:45 < sipa> but things like endomorphisms don't break it 01:46 < sipa> in AGM, DL is not implied (obviously) 01:47 < sipa> however, and this is pretty interesting: in AGM it holds that DL and CDH are equivalent (either can be shown from the other) 01:48 < sipa> which feels nice, because afaik there are no groups known where they differ 01:49 < sipa> but despite that, OMDL is still distinct 02:07 < nickler> Fwiw, in our latest revision of MuSig2 (not yet uploaded) we use a falsifiable variant of OMDL that we call algebraic OMDL (AOMDL). 02:07 < nickler> The difference is that whenever the DL oracle of the OMDLis queried, it also receives a representation in all input group elements. The MuSig2 reductions are algebraic in that sense. 02:07 < nickler> Then the representation allows the AOMDL to efficiently answer the DL oracle because it knows the DL of the input group elements. 02:14 -!- laptop_ [~laptop@ppp-2-161.leed-a-1.dynamic.dsl.as9105.com] has joined #bitcoin-wizards 02:16 -!- sr_gi [~sr_gi@static-57-159-230-77.ipcom.comunitel.net] has quit [Read error: Connection reset by peer] 02:16 -!- sr_gi [~sr_gi@static-57-159-230-77.ipcom.comunitel.net] has joined #bitcoin-wizards 02:17 -!- laptop_ [~laptop@ppp-2-161.leed-a-1.dynamic.dsl.as9105.com] has quit [Remote host closed the connection] 02:34 < real_or_random> waxwing: https://crypto.stackexchange.com/q/83472/12020 on OMDL in the GGM 02:37 < real_or_random> and yeah, Fersch used a reversible random mapping https://hss-opus.ub.ruhr-uni-bochum.de/opus4/frontdoor/index/index/docId/6080 02:38 -!- TheoStorm [~TheoStorm@97.69-247-81.adsl-dyn.isp.belgacom.be] has joined #bitcoin-wizards 03:22 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has joined #bitcoin-wizards 03:23 -!- TheoStorm [~TheoStorm@97.69-247-81.adsl-dyn.isp.belgacom.be] has quit [Quit: Leaving] 03:27 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has quit [Ping timeout: 260 seconds] 04:25 -!- peutetre [~peutetre@185.163.110.108] has quit [Remote host closed the connection] 05:12 -!- TheoStorm [~TheoStorm@97.69-247-81.adsl-dyn.isp.belgacom.be] has joined #bitcoin-wizards 05:14 -!- jb55 [~jb55@gateway/tor-sasl/jb55] has quit [Remote host closed the connection] 05:15 -!- jb55 [~jb55@gateway/tor-sasl/jb55] has joined #bitcoin-wizards 05:33 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has joined #bitcoin-wizards 05:38 -!- son0p [~son0p@181.136.122.143] has joined #bitcoin-wizards 05:40 -!- CubicEarth_ [~CubicEart@c-67-168-1-172.hsd1.wa.comcast.net] has quit [Ping timeout: 246 seconds] 05:43 -!- CubicEarth [~CubicEart@c-67-168-1-172.hsd1.wa.comcast.net] has joined #bitcoin-wizards 05:43 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has quit [Ping timeout: 264 seconds] 05:47 < waxwing> ah yes i found that stackexchange Q in a search last year. Re: Fersch, i remembered it because i linked it in my blog post about schnorr sig security a couple years back. i remember also there's a pretty good youtube vid of a talk for that paper. was helpful, somewhat. 05:52 < waxwing> https://www.youtube.com/watch?v=5aUPBT4Rdr8 05:58 -!- mjevans- [~mjevans-@185.163.110.108] has joined #bitcoin-wizards 06:00 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has joined #bitcoin-wizards 06:04 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has quit [Ping timeout: 264 seconds] 06:26 -!- sr_gi [~sr_gi@static-57-159-230-77.ipcom.comunitel.net] has quit [Read error: Connection reset by peer] 06:26 -!- sr_gi [~sr_gi@static-57-159-230-77.ipcom.comunitel.net] has joined #bitcoin-wizards 06:48 -!- son0p [~son0p@181.136.122.143] has quit [Ping timeout: 276 seconds] 06:49 -!- son0p [~son0p@181.136.122.143] has joined #bitcoin-wizards 07:06 -!- justanotheruser [~justanoth@unaffiliated/justanotheruser] has joined #bitcoin-wizards 07:17 -!- Guyver2 [Guyver@guyver2.xs4all.nl] has joined #bitcoin-wizards 07:37 -!- pinheadmz [~pinheadmz@pool-71-105-114-182.nycmny.fios.verizon.net] has quit [Ping timeout: 276 seconds] 07:45 -!- jeremyrubin [~jr@024-176-247-182.res.spectrum.com] has joined #bitcoin-wizards 08:02 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has joined #bitcoin-wizards 08:28 -!- jadi [~jadi@185.197.71.29] has quit [Remote host closed the connection] 08:29 -!- jadi [~jadi@185.197.71.29] has joined #bitcoin-wizards 08:32 -!- jadi [~jadi@185.197.71.29] has quit [Remote host closed the connection] 08:34 -!- jadi [~jadi@185.197.71.29] has joined #bitcoin-wizards 09:04 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has quit [Ping timeout: 260 seconds] 09:35 -!- jonatack [~jon@37.170.73.95] has joined #bitcoin-wizards 10:08 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Quit: ZNC - http://znc.sourceforge.net] 10:12 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #bitcoin-wizards 10:19 -!- nick_freeman [~nick_free@port-92-194-143-6.dynamic.as20676.net] has joined #bitcoin-wizards 10:50 -!- justanotheruser [~justanoth@unaffiliated/justanotheruser] has quit [Ping timeout: 272 seconds] 10:57 -!- jnsu [~jnsu@c-24-6-12-35.hsd1.ca.comcast.net] has joined #bitcoin-wizards 10:59 -!- jnsu [~jnsu@c-24-6-12-35.hsd1.ca.comcast.net] has quit [Remote host closed the connection] 11:01 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has joined #bitcoin-wizards 11:01 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has quit [Remote host closed the connection] 11:20 -!- jonatack [~jon@37.170.73.95] has quit [Ping timeout: 246 seconds] 11:20 -!- jonatack_ [~jon@37.172.209.215] has joined #bitcoin-wizards 11:44 -!- pinheadmz [~pinheadmz@pool-71-105-114-182.nycmny.fios.verizon.net] has joined #bitcoin-wizards 11:50 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has joined #bitcoin-wizards 11:54 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has quit [Ping timeout: 268 seconds] 12:23 -!- son0p_ [~son0p@181.136.122.143] has joined #bitcoin-wizards 12:27 -!- son0p [~son0p@181.136.122.143] has quit [Ping timeout: 265 seconds] 12:52 -!- justanotheruser [~justanoth@unaffiliated/justanotheruser] has joined #bitcoin-wizards 12:53 -!- jeremyrubin [~jr@024-176-247-182.res.spectrum.com] has quit [Ping timeout: 265 seconds] 13:16 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has joined #bitcoin-wizards 13:20 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has quit [Ping timeout: 240 seconds] 14:01 -!- son0p_ [~son0p@181.136.122.143] has quit [Ping timeout: 240 seconds] 14:02 -!- son0p [~son0p@181.136.122.143] has joined #bitcoin-wizards 14:06 -!- son0p [~son0p@181.136.122.143] has quit [Client Quit] 14:11 -!- nick_freeman [~nick_free@port-92-194-143-6.dynamic.as20676.net] has quit [] 14:12 -!- mjevans- [~mjevans-@185.163.110.108] has quit [Remote host closed the connection] 14:16 -!- jeremyrubin [~jr@024-176-247-182.res.spectrum.com] has joined #bitcoin-wizards 14:18 -!- Guyver2 [Guyver@guyver2.xs4all.nl] has quit [Remote host closed the connection] 14:22 -!- nick_freeman [~nick_free@port-92-194-143-6.dynamic.as20676.net] has joined #bitcoin-wizards 14:28 -!- I440r [~I440r@217.146.82.202] has joined #bitcoin-wizards 14:35 -!- vtnerd [~vtnerd@50-82-248-114.client.mchsi.com] has joined #bitcoin-wizards 15:14 -!- Emcy [~Emcy@unaffiliated/emcy] has quit [Ping timeout: 240 seconds] 15:58 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has joined #bitcoin-wizards 16:03 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has quit [Ping timeout: 264 seconds] 16:20 -!- deusexbeer [~deusexbee@093-092-176-141-dynamic-pool-adsl.wbt.ru] has joined #bitcoin-wizards 16:43 -!- bitdex [~bitdex@gateway/tor-sasl/bitdex] has joined #bitcoin-wizards 17:07 -!- jonatack_ [~jon@37.172.209.215] has quit [Ping timeout: 276 seconds] 17:18 -!- kenshi84 [~kenshi84@w0109049135038109.uqwimax.jp] has joined #bitcoin-wizards 17:20 -!- kenshi84_ [~kenshi84@w0109049135035195.uqwimax.jp] has quit [Ping timeout: 240 seconds] 17:30 -!- brg444 [uid207215@gateway/web/irccloud.com/x-ywoijfaymppijeyx] has joined #bitcoin-wizards 17:36 -!- jeremyrubin [~jr@024-176-247-182.res.spectrum.com] has quit [Ping timeout: 246 seconds] 17:59 -!- jeremyrubin [~jr@024-176-247-182.res.spectrum.com] has joined #bitcoin-wizards 18:10 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has joined #bitcoin-wizards 18:15 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has quit [Ping timeout: 264 seconds] 18:59 -!- TheoStorm [~TheoStorm@97.69-247-81.adsl-dyn.isp.belgacom.be] has quit [Quit: Leaving] 19:09 -!- belcher_ [~belcher@unaffiliated/belcher] has joined #bitcoin-wizards 19:12 -!- belcher [~belcher@unaffiliated/belcher] has quit [Ping timeout: 276 seconds] 19:52 -!- nick_fre_ [~nick_free@port-92-194-55-170.dynamic.as20676.net] has joined #bitcoin-wizards 19:52 -!- gribble [~gribble@unaffiliated/nanotube/bot/gribble] has quit [Remote host closed the connection] 19:55 -!- nick_freeman [~nick_free@port-92-194-143-6.dynamic.as20676.net] has quit [Ping timeout: 264 seconds] 20:04 -!- jeremyrubin [~jr@024-176-247-182.res.spectrum.com] has quit [Ping timeout: 276 seconds] 20:04 -!- gribble [~gribble@unaffiliated/nanotube/bot/gribble] has joined #bitcoin-wizards 20:31 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has joined #bitcoin-wizards 20:37 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has quit [Ping timeout: 264 seconds] 20:45 -!- shesek [~shesek@unaffiliated/shesek] has quit [Remote host closed the connection] 20:46 -!- shesek [~shesek@164.90.217.137] has joined #bitcoin-wizards 20:46 -!- shesek [~shesek@164.90.217.137] has quit [Changing host] 20:46 -!- shesek [~shesek@unaffiliated/shesek] has joined #bitcoin-wizards 20:48 -!- livestradamus [~quassel@unaffiliated/livestradamus] has quit [Quit: I'm out.] 20:48 -!- livestradamus [~quassel@unaffiliated/livestradamus] has joined #bitcoin-wizards 20:55 -!- gribble [~gribble@unaffiliated/nanotube/bot/gribble] has quit [Read error: Connection reset by peer] 21:11 -!- gribble [~gribble@unaffiliated/nanotube/bot/gribble] has joined #bitcoin-wizards 21:13 -!- roconnor [~roconnor@host-104-157-194-235.dyn.295.ca] has quit [Quit: Konversation terminated!] 21:26 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has joined #bitcoin-wizards 21:31 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has quit [Ping timeout: 264 seconds] 21:58 -!- brg444 [uid207215@gateway/web/irccloud.com/x-ywoijfaymppijeyx] has quit [Quit: Connection closed for inactivity] 22:50 -!- jadi [~jadi@185.197.71.29] has quit [Ping timeout: 265 seconds] 22:50 -!- belcher_ [~belcher@unaffiliated/belcher] has quit [Read error: Connection reset by peer] 22:52 -!- belcher_ [~belcher@unaffiliated/belcher] has joined #bitcoin-wizards 23:05 -!- jadi [~jadi@213.207.197.172] has joined #bitcoin-wizards 23:38 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has joined #bitcoin-wizards 23:42 -!- jnsu [~jnsu@2601:647:5a01:6e90:2c58:48d3:e0ce:31ce] has quit [Ping timeout: 264 seconds] --- Log closed Sun Feb 28 00:00:42 2021